The report released this week found no breaches or stolen data from the mammoth computer systems of the
"The findings are very concerning to us," said
The report said the department employs more than 100 separate computer applications to track distribution of state aid to schools, teacher licensure, lunch programs and special education. A total of 60 MN.IT employees are assigned to the department, managing more than 1,000 department computers, servers, mobile devices and printers. Just two of the department's applications, the audit stated, processed
The audit concluded, among other things, that internal controls were not adequately protecting hardware and software. One important application used to parcel out billions of dollars in state funding "allowed simple passwords" and "permitted insecure methods to administer the system," the audit stated.
The legislative auditor found potential security weaknesses for the 21 servers that control the department's major applications. Some servers were not being regularly scanned for vulnerabilities, and problems that were found were not being addressed quickly, the audit said. Another finding: The department's systems lacked enough controls to prevent unauthorized access to its databases.
Unlike high-profile cases in which state driver's license data has been viewed inappropriately, this audit dealt with prevention, rather than response to an existing data problem.
"These are important systems that process large amounts of state financial activity," Ferkul said. "Some of these systems have data about students."
Their letter to the legislative auditor pointed out that some of the potential vulnerabilities involve older "legacy systems" that eventually will be updated, including the application used to process state spending for schools. The two commissioners said they would create a team to work on "vulnerability management" that would regularly search for problems and respond to them.
"We're working on all of those," said
(c)2013 the Star Tribune (Minneapolis)
Visit the Star Tribune (Minneapolis) at www.startribune.com
Distributed by MCT Information Services